Add test for CVE-2016-2018
authorDr. Stephen Henson <steve@openssl.org>
Sat, 23 Apr 2016 12:52:43 +0000 (13:52 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 3 May 2016 12:06:15 +0000 (13:06 +0100)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
test/d2i-tests/high_tag.der [new file with mode: 0644]
test/recipes/25-test_d2i.t

diff --git a/test/d2i-tests/high_tag.der b/test/d2i-tests/high_tag.der
new file mode 100644 (file)
index 0000000..5c523ec
Binary files /dev/null and b/test/d2i-tests/high_tag.der differ
index 9e1a643..d50de04 100644 (file)
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 
 setup("test_d2i");
 
-plan tests => 3;
+plan tests => 4;
 
 ok(run(test(["d2i_test", "X509", "decode",
              srctop_file('test','d2i-tests','bad_cert.der')])),
@@ -28,3 +28,12 @@ ok(run(test(["d2i_test", "GENERAL_NAME", "decode",
 ok(run(test(["d2i_test", "ASN1_ANY", "BIO",
              srctop_file('test','d2i-tests','bad_bio.der')])),
    "Running d2i_test bad_bio.der");
+# This test checks CVE-2016-2108. The data consists of an tag 258 and
+# two zero content octets. This is parsed as an ASN1_ANY type. If the
+# type is incorrectly interpreted as an ASN.1 INTEGER the two zero content
+# octets will be reject as invalid padding and this test will fail.
+# If the type is correctly interpreted it will by treated as an ASN1_STRING
+# type and the content octets copied verbatim.
+ok(run(test(["d2i_test", "ASN1_ANY", "OK",
+             srctop_file('test','d2i-tests','high_tag.der')])),
+   "Running d2i_test high_tag.der");